Phishing Defense

New Voice Scams: What to Listen For

OCT 28, 2025

Social Engineering 2.0: The Rise of AI Impersonation

Phishing is no longer just about suspicious emails. Attackers are increasingly using highly convincing Voice Phishing (Vishing) and AI voice cloning to trick victims into giving up critical information or transferring funds. These scams exploit your trust and sense of urgency.

Our "Security In Five" guide shows you how to immediately spot the new, sophisticated audio tactics being used by cybercriminals.

Tactic 1: The Urgent 'Executive' Call

The most dangerous new scam involves an urgent, unsolicited phone call, often targeting the finance or HR departments. The criminal uses a voice cloned from an actual executive (CEO, CFO) to demand an immediate, confidential fund transfer or password reset.

  • What to Listen For: An overly aggressive tone that bypasses standard protocol, poor audio quality, or a strange delay in the conversation.
  • The 5-Minute Fix: Hang up immediately. Do not discuss the request. Contact the executive directly using a verified, internal channel (e.g., Slack, an internal phone line) to confirm the request is real.

Tactic 2: The 'Help Desk' Verification Trap

In this tactic, you receive a call from an alleged "Help Desk" or "IT Support" employee, often claiming to be verifying a password change or resolving a supposed account lock. They sound professional and use familiar internal jargon.

  • What to Listen For: Any request for your password, a one-time login code (MFA), or a request for you to install "remote access software" on your computer.
  • The 5-Minute Fix: Remember: Legitimate IT will never call you and ask for your password or MFA code. End the call and manually look up and dial your company's official IT support number to report the incident.

Tactic 3: The Fake Family Crisis

This is a personal vishing attack where a scammer uses a cloned voice of a family member (child, spouse) to claim they are in immediate danger, jail, or need money transferred quickly.

  • What to Listen For: Any extreme sense of panic or urgency demanding a quick, irreversible action like sending cryptocurrency or gift cards.
  • The 5-Minute Fix: Before doing anything, use a predetermined, secret "verification word" or "code phrase" only your family knows. If the caller can't provide it, it is a scam.

Final Thought

The best defense against a voice scam is protocol, not panic. If a call feels wrong, it is wrong. Always verify requests through a second channel before proceeding.